Vulnerability Description
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | >= 7.0.0, < 7.88 |
| Fedoraproject | Fedora | 35 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro (Mailing List, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro (Mailing List, Third Party Advisory)
- https://www.drupal.org/sa-core-2022-003 (Patch, Vendor Advisory)
FAQ
What is CVE-2022-25271?
CVE-2022-25271 is a vulnerability with a CVSS score of 7.5 (HIGH). Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values o...
How severe is CVE-2022-25271?
CVE-2022-25271 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25271?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal, Fedoraproject Fedora.